CVE-2025-62429

High CVSS: 7.2

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the "type" parameter from a POST request is embedded into PHP tags and executed. Proper sanitization is not performed, and by injecting malicious code an attacker can execute arbitrary PHP code. This allows an attacker to achieve RCE. This issue has been resolved in version 5.5.2 #147.

Vendor

Oxygenz

Product

Clipbucket

CWE

CWE-94

Yayın Tarihi

2025-10-20 17:15:38

Güncelleme

2025-11-10 19:58:23

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-94 Clipbucket HIGH Oxygenz 2025

Referanslar

https://github.com/MacWarrior/clipbucket-v5/commit/e81bac602c871bb1ad971884003a3a496a2ab50b https://github.com/MacWarrior/clipbucket-v5/releases/tag/5.5.2-%23147 https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-3x4g-x3gv-rjmq https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-3x4g-x3gv-rjmq

Benzer Kayıtlar

High

CVE-2026-32321

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability ex…

Medium

CVE-2026-28354

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulne…

Low

CVE-2026-26997

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can stor…

Medium

CVE-2026-26005

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in Clip Bucket V5, The Remote Play allows…

Critical

CVE-2026-25728

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Time-of-Use (TOCTOU) ra…

Critical

CVE-2026-21875

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind…